#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
#
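# This is a simple ruleset that blocks all inbound TCP traffic on
# hme0 and hme1 except for SSH (22), DNS (53), HTTP (80) and
# port 3128, and allows all outbound traffic.
#
# Note that inbound non-TCP traffic (UDP, ICMP, ...) is not blocked:
# the block rules match proto tcp only, so such packets fall through
# to the "pass in all" default.
#
# And of course, make sure the loopback allows packets to traverse
# it.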
# Defaults. IP Filter applies the last matching rule unless a rule
# carries "quick", so these apply only when no later rule matches.
pass in all
pass out all
# Loopback: pass and log everything, stop processing here.
pass in log quick on lo0 all
pass out log quick on lo0 all
# Inbound services allowed on hme0 ("quick" ends rule processing).
pass in quick on hme0 proto tcp from any to any port = 22 keep state
pass in quick on hme0 proto tcp/udp from any to any port = 53 keep state
pass in quick on hme0 proto tcp/udp from any to any port = 80 keep state
pass in quick on hme0 proto tcp/udp from any to any port = 3128 keep state
# Inbound services allowed on hme1.
pass in quick on hme1 proto tcp from any to any port = 22 keep state
pass in quick on hme1 proto tcp/udp from any to any port = 53 keep state
pass in quick on hme1 proto tcp/udp from any to any port = 80 keep state
pass in quick on hme1 proto tcp/udp from any to any port = 3128 keep state
# All other inbound TCP: log it and answer with a TCP RST.
block return-rst in log on hme0 proto tcp from any to any
block return-rst in log on hme1 proto tcp from any to any
# Outbound TCP: keep state so that replies are matched on the way in.
pass out on hme0 proto tcp from any to any keep state
pass out on hme1 proto tcp from any to any keep state